August 2024 - Linux-stable-mirror

[PATCH] firmware_loader: Block path traversal

by Jann Horn

Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace; the ones I could find (not counting interfaces that require root privileges) are: - lpfc_sli4_request_firmware_update() seems to construct the firmware filename from "ModelName", a string that was previously parsed out of some descriptor ("Vital Product Data") in lpfc_fill_vpd() - nfp_net_fw_find() seems to construct a firmware filename from a model name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I think parses some descriptor that was read from the device. (But this case likely isn't exploitable because the format string looks like "netronome/nic_%s", and there shouldn't be any *folders* starting with "netronome/nic_". The previous case was different because there, the "%s" is *at the start* of the format string.) - module_flash_fw_schedule() is reachable from the ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is enough to pass the privilege check), and takes a userspace-provided firmware name. (But I think to reach this case, you need to have CAP_NET_ADMIN over a network namespace that a special kind of ethernet device is mapped into, so I think this is not a viable attack path in practice.) For what it's worth, I went looking and haven't found any USB device drivers that use the firmware loader dangerously. Cc: stable(a)vger.kernel.org Fixes: abb139e75c2c ("firmware: teach the kernel to load firmware files directly from the filesystem") Signed-off-by: Jann Horn <jannh(a)google.com> --- I wasn't sure whether to mark this one for stable or not - but I think since there seems to be at least one PCI device model which could trigger firmware loading with directory traversal, we should probably backport the fix? --- drivers/base/firmware_loader/main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index a03ee4b11134..a32be64f3bf5 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -864,7 +864,15 @@ _request_firmware(const struct firmware **firmware_p, const char *name, if (!firmware_p) return -EINVAL; - if (!name || name[0] == '\0') { + /* + * Reject firmware file names with "/../" sequences in them. + * There are drivers that construct firmware file names from + * device-supplied strings, and we don't want some device to be able + * to tell us "I would like to be sent my firmware from + * ../../../etc/shadow, please". + */ + if (!name || name[0] == '\0' || + strstr(name, "/../") != NULL || strncmp(name, "../", 3) == 0) { ret = -EINVAL; goto out; } --- base-commit: b0da640826ba3b6506b4996a6b23a429235e6923 change-id: 20240820-firmware-traversal-6df8501b0fe4 -- Jann Horn <jannh(a)google.com>

4 weeks, 1 day

4
7
0 0

Patch "drm/amd/display: Don't register panel_power_savings on OLED panels"

by Gergo Koteles

Hi Greg, I think commit 76cb763e6ea62e838ccc8f7a1ea4246d690fccc9 should be applied to 6.10 kernel to disable Adaptive Backlight Management for OLED displays. Thanks, Gergo Koteles

4 weeks, 1 day

2
1
0 0

[PATCH 5.15.y 00/18] Backport "make svc_stat per-net instead of global"

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Following up on https://lore.kernel.org/linux-nfs/d4b235df-4ee5-4824-9d48-e3b3c1f1f4d1@orac… Here is a backport series targeting origin/linux-5.15.y that closes the information leak described in the above thread. Review comments welcome. Chuck Lever (6): NFSD: Refactor nfsd_reply_cache_free_locked() NFSD: Rename nfsd_reply_cache_alloc() NFSD: Replace nfsd_prune_bucket() NFSD: Refactor the duplicate reply cache shrinker NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NFSD: Fix frame size warning in svc_export_parse() Jeff Layton (2): nfsd: move reply cache initialization into nfsd startup nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Josef Bacik (10): sunrpc: don't change ->sv_stats if it doesn't exist nfsd: stop setting ->pg_stats for unused stats sunrpc: pass in the sv_stats struct through svc_create_pooled sunrpc: remove ->pg_stats from svc_program sunrpc: use the struct net as the svc proc private nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace nfsd: remove nfsd_stats, make th_cnt a global counter nfsd: make svc_stat per-network namespace instead of global fs/lockd/svc.c | 3 - fs/nfs/callback.c | 3 - fs/nfsd/export.c | 32 ++++-- fs/nfsd/export.h | 4 +- fs/nfsd/netns.h | 25 ++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfscache.c | 202 ++++++++++++++++++++++--------------- fs/nfsd/nfsctl.c | 24 ++--- fs/nfsd/nfsd.h | 1 + fs/nfsd/nfsfh.c | 3 +- fs/nfsd/nfssvc.c | 24 +++-- fs/nfsd/stats.c | 52 ++++------ fs/nfsd/stats.h | 83 ++++++--------- fs/nfsd/trace.h | 22 ++++ fs/nfsd/vfs.c | 6 +- include/linux/sunrpc/svc.h | 5 +- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 36 ++++--- 18 files changed, 302 insertions(+), 231 deletions(-) -- 2.45.2

4 weeks, 1 day

2
19
0 0

[PATCH 6.6.y] stm32mp15: WARNING after poweroff command

by Christoph Niedermaier

Hi stable team, I would suggest to apply the patch 470a66268856 ("i2c: stm32f7: Add atomic_xfer method to driver") from 6.7-rc1 to the stable Kernel 6.6.y. Here is why: After the commit 6e9df38f359a ("mfd: stpmic1: Add PMIC poweroff via sys-off handler") from 6.5-rc1 the following WARNING appears after calling the poweroff command: [ 791.813369] systemd-shutdown[1]: Syncing filesystems and block devices. [ 792.865580] systemd-shutdown[1]: Sending SIGTERM to remaining processes... [ 792.921103] systemd-journald[101]: Received SIGTERM from PID 1 (systemd-shutdow). [ 792.936515] systemd-shutdown[1]: Sending SIGKILL to remaining processes... [ 792.968715] systemd-shutdown[1]: Unmounting file systems. [ 792.979332] (sd-remount)[315]: Remounting '/' read-only with options ''. [ 793.219266] EXT4-fs (mmcblk2p4): re-mounted f7da42a1-2eed-4d39-a31e-e0ffadb97b28 ro. Quota mode: disabled. [ 793.238398] systemd-shutdown[1]: All filesystems unmounted. [ 793.242736] systemd-shutdown[1]: Deactivating swaps. [ 793.248004] systemd-shutdown[1]: All swaps deactivated. [ 793.252937] systemd-shutdown[1]: Detaching loop devices. [ 793.272548] systemd-shutdown[1]: All loop devices detached. [ 793.276918] systemd-shutdown[1]: Stopping MD devices. [ 793.282790] systemd-shutdown[1]: All MD devices stopped. [ 793.287128] systemd-shutdown[1]: Detaching DM devices. [ 793.292995] systemd-shutdown[1]: All DM devices detached. [ 793.297731] systemd-shutdown[1]: All filesystems, swaps, loop devices, MD devices and DM devices detached. [ 793.320636] systemd-shutdown[1]: Syncing filesystems and block devices. [ 793.326078] systemd-shutdown[1]: Powering off. [ 793.348421] reboot: Power down [ 793.350129] ------------[ cut here ]------------ [ 793.354691] WARNING: CPU: 0 PID: 1 at drivers/i2c/i2c-core.h:42 i2c_transfer+0x5d/0x7c [ 793.362617] No atomic I2C transfer handler for 'i2c-2' [ 793.367780] Modules linked in: [ 793.370838] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 6.6.41-lardisbox2-00053-g41e0b7f0166f #12 [ 793.380047] Hardware name: STM32 (Device Tree Support) [ 793.385122] unwind_backtrace from show_stack+0xb/0xc [ 793.390215] show_stack from dump_stack_lvl+0x2b/0x34 [ 793.395202] dump_stack_lvl from __warn+0x5d/0xc4 [ 793.399993] __warn from warn_slowpath_fmt+0x55/0xa8 [ 793.404887] warn_slowpath_fmt from i2c_transfer+0x5d/0x7c [ 793.410387] i2c_transfer from regmap_i2c_read+0x41/0x6c [ 793.415681] regmap_i2c_read from _regmap_raw_read+0x87/0xe8 [ 793.421378] _regmap_raw_read from _regmap_bus_read+0x21/0x38 [ 793.427079] _regmap_bus_read from _regmap_read+0x55/0x9c [ 793.432477] _regmap_read from _regmap_update_bits+0x71/0xa4 [ 793.438175] _regmap_update_bits from regmap_update_bits_base+0x2f/0x42 [ 793.444784] regmap_update_bits_base from stpmic1_power_off+0x19/0x20 [ 793.451188] stpmic1_power_off from sys_off_notify+0x1b/0x38 [ 793.456880] sys_off_notify from notifier_call_chain+0x57/0x78 [ 793.462668] notifier_call_chain from atomic_notifier_call_chain+0x11/0x16 [ 793.469562] atomic_notifier_call_chain from do_kernel_power_off+0x21/0x38 [ 793.476461] do_kernel_power_off from __do_sys_reboot+0xdf/0x150 [ 793.482456] __do_sys_reboot from ret_fast_syscall+0x1/0x5c [ 793.488042] Exception stack(0xf0815fa8 to 0xf0815ff0) [ 793.493017] 5fa0: 00000000 00000000 fee1dead 28121969 4321fedc 00000000 [ 793.501218] 5fc0: 00000000 00000000 00000000 00000058 0001884c 00000003 00000000 00018140 [ 793.509414] 5fe0: 00000058 bee18c34 b6c20cdd b6b995a6 [ 793.514478] ---[ end trace 000000000000000 This can be eliminated by backporting the above mentioned patch. I tested it with a DHCOM stm32mp157c on a PDK2 board. Thanks and regards Christoph

4 weeks, 1 day

2
1
0 0

Re: Patch "gtp: pull network headers in gtp_dev_xmit()" has been added to the 6.10-stable tree

by Pablo Neira Ayuso

Hi Sasha, Greg, Could you cherry-pick this patch for other -stable kernels? I confirm this applies up to >= 4.19-stable since it already includes pskb_inet_may_pull(). Thanks. On Mon, Aug 19, 2024 at 10:20:22AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > gtp: pull network headers in gtp_dev_xmit() > > to the 6.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gtp-pull-network-headers-in-gtp_dev_xmit.patch > and it can be found in the queue-6.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 70c490935879f95a7d81403d107e7aa9a0bd7b31 > Author: Eric Dumazet <edumazet(a)google.com> > Date: Thu Aug 8 13:24:55 2024 +0000 > > gtp: pull network headers in gtp_dev_xmit() > > [ Upstream commit 3a3be7ff9224f424e485287b54be00d2c6bd9c40 ] > > syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] > > We must make sure the IPv4 or Ipv6 header is pulled in skb->head > before accessing fields in them. > > Use pskb_inet_may_pull() to fix this issue. > > [1] > BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] > BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] > BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 > ipv6_pdp_find drivers/net/gtp.c:220 [inline] > gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] > gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 > __netdev_start_xmit include/linux/netdevice.h:4913 [inline] > netdev_start_xmit include/linux/netdevice.h:4922 [inline] > xmit_one net/core/dev.c:3580 [inline] > dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596 > __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423 > dev_queue_xmit include/linux/netdevice.h:3105 [inline] > packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 > packet_snd net/packet/af_packet.c:3145 [inline] > packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177 > sock_sendmsg_nosec net/socket.c:730 [inline] > __sock_sendmsg+0x30f/0x380 net/socket.c:745 > __sys_sendto+0x685/0x830 net/socket.c:2204 > __do_sys_sendto net/socket.c:2216 [inline] > __se_sys_sendto net/socket.c:2212 [inline] > __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 > x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > Uninit was created at: > slab_post_alloc_hook mm/slub.c:3994 [inline] > slab_alloc_node mm/slub.c:4037 [inline] > kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080 > kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583 > __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674 > alloc_skb include/linux/skbuff.h:1320 [inline] > alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526 > sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815 > packet_alloc_skb net/packet/af_packet.c:2994 [inline] > packet_snd net/packet/af_packet.c:3088 [inline] > packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177 > sock_sendmsg_nosec net/socket.c:730 [inline] > __sock_sendmsg+0x30f/0x380 net/socket.c:745 > __sys_sendto+0x685/0x830 net/socket.c:2204 > __do_sys_sendto net/socket.c:2216 [inline] > __se_sys_sendto net/socket.c:2212 [inline] > __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 > x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 > > Fixes: 999cb275c807 ("gtp: add IPv6 support") > Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") > Signed-off-by: Eric Dumazet <edumazet(a)google.com> > Cc: Harald Welte <laforge(a)gnumonks.org> > Reviewed-by: Pablo Neira Ayuso <pablo(a)netfilter.org> > Link: https://patch.msgid.link/20240808132455.3413916-1-edumazet@google.com > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c > index 427b91aca50d3..0696faf60013e 100644 > --- a/drivers/net/gtp.c > +++ b/drivers/net/gtp.c > @@ -1269,6 +1269,9 @@ static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev) > if (skb_cow_head(skb, dev->needed_headroom)) > goto tx_err; > > + if (!pskb_inet_may_pull(skb)) > + goto tx_err; > + > skb_reset_inner_headers(skb); > > /* PDP context lookups in gtp_build_skb_*() need rcu read-side lock. */

4 weeks, 1 day

2
1
0 0

+ padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: padata: honor the caller's alignment in case of chunk_size 0 has been added to the -mm mm-hotfixes-unstable branch. Its filename is padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kamlesh Gurudasani <kamlesh(a)ti.com> Subject: padata: honor the caller's alignment in case of chunk_size 0 Date: Thu, 22 Aug 2024 02:32:52 +0530 In the case where we are forcing the ps.chunk_size to be at least 1, we are ignoring the caller's alignment. Move the forcing of ps.chunk_size to be at least 1 before rounding it up to caller's alignment, so that caller's alignment is honored. While at it, use max() to force the ps.chunk_size to be at least 1 to improve readability. Link: https://lkml.kernel.org/r/20240822-max-v1-1-cb4bc5b1c101@ti.com Fixes: 6d45e1c948a8 ("padata: Fix possible divide-by-0 panic in padata_mt_helper()") Signed-off-by: Kamlesh Gurudasani <kamlesh(a)ti.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: Waiman Long <longman(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/padata.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- a/kernel/padata.c~padata-honor-the-callers-alignment-in-case-of-chunk_size-0 +++ a/kernel/padata.c @@ -509,21 +509,17 @@ void __init padata_do_multithreaded(stru /* * Chunk size is the amount of work a helper does per call to the - * thread function. Load balance large jobs between threads by + * thread function. Load balance large jobs between threads by * increasing the number of chunks, guarantee at least the minimum * chunk size from the caller, and honor the caller's alignment. + * Ensure chunk_size is at least 1 to prevent divide-by-0 + * panic in padata_mt_helper(). */ ps.chunk_size = job->size / (ps.nworks * load_balance_factor); ps.chunk_size = max(ps.chunk_size, job->min_chunk); + ps.chunk_size = max(ps.chunk_size, 1ul); ps.chunk_size = roundup(ps.chunk_size, job->align); - /* - * chunk_size can be 0 if the caller sets min_chunk to 0. So force it - * to at least 1 to prevent divide-by-0 panic in padata_mt_helper().` - */ - if (!ps.chunk_size) - ps.chunk_size = 1U; - list_for_each_entry(pw, &works, pw_list) if (job->numa_aware) { int old_node = atomic_read(&last_used_nid); _ Patches currently in -mm which might be from kamlesh(a)ti.com are padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch

4 weeks, 1 day

1
0
0 0

+ revert-mm-skip-cma-pages-when-they-are-not-available.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "mm: skip CMA pages when they are not available" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-mm-skip-cma-pages-when-they-are-not-available.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: Revert "mm: skip CMA pages when they are not available" Date: Wed, 21 Aug 2024 20:26:07 +0100 This reverts commit 5da226dbfce3a2f44978c2c7cf88166e69a6788b. lruvec->lru_lock is highly contended and is held when calling isolate_lru_folios. If the lru has a large number of CMA folios consecutively, while the allocation type requested is not MIGRATE_MOVABLE, isolate_lru_folios can hold the lock for a very long time while it skips those. For FIO workload, ~150million order=0 folios were skipped to isolate a few ZONE_DMA folios [1]. This can cause lockups [1] and high memory pressure for extended periods of time [2]. [1] https://lore.kernel.org/all/CAOUHufbkhMZYz20aM_3rHZ3OcK4m2puji2FGpUpn_-DevG… [2] https://lore.kernel.org/all/ZrssOrcJIDy8hacI@gmail.com/ Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zhaoyang Huang <huangzhaoyang(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) --- a/mm/vmscan.c~revert-mm-skip-cma-pages-when-they-are-not-available +++ a/mm/vmscan.c @@ -1604,25 +1604,6 @@ static __always_inline void update_lru_s } -#ifdef CONFIG_CMA -/* - * It is waste of effort to scan and reclaim CMA pages if it is not available - * for current allocation context. Kswapd can not be enrolled as it can not - * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL - */ -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return !current_is_kswapd() && - gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && - folio_migratetype(folio) == MIGRATE_CMA; -} -#else -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return false; -} -#endif - /* * Isolating page from the lruvec to fill in @dst list by nr_to_scan times. * @@ -1669,8 +1650,7 @@ static unsigned long isolate_lru_folios( nr_pages = folio_nr_pages(folio); total_scan += nr_pages; - if (folio_zonenum(folio) > sc->reclaim_idx || - skip_cma(folio, sc)) { + if (folio_zonenum(folio) > sc->reclaim_idx) { nr_skipped[folio_zonenum(folio)] += nr_pages; move_to = &folios_skipped; goto move; @@ -4273,6 +4253,25 @@ void lru_gen_soft_reclaim(struct mem_cgr #endif /* CONFIG_MEMCG */ +#ifdef CONFIG_CMA +/* + * It is waste of effort to scan and reclaim CMA pages if it is not available + * for current allocation context. Kswapd can not be enrolled as it can not + * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL + */ +static bool skip_cma(struct folio *folio, struct scan_control *sc) +{ + return !current_is_kswapd() && + gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && + folio_migratetype(folio) == MIGRATE_CMA; +} +#else +static bool skip_cma(struct folio *folio, struct scan_control *sc) +{ + return false; +} +#endif + /****************************************************************************** * the eviction ******************************************************************************/ _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are revert-mm-skip-cma-pages-when-they-are-not-available.patch

4 weeks, 1 day

1
0
0 0

RE: RE: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit

by Li, Roman

[Public] Thank you, Jiri, for your feedback. I've dropped this patch from DC v.3.2.297. We will follow-up on this separately and merge it after you do confirm the issue you reported is fixed. Thanks, Roman > -----Original Message----- > From: Jiri Slaby <jirislaby(a)kernel.org> > Sent: Monday, August 19, 2024 4:37 AM > To: Li, Roman <Roman.Li(a)amd.com>; amd-gfx(a)lists.freedesktop.org > Cc: Wentland, Harry <Harry.Wentland(a)amd.com>; Li, Sun peng (Leo) > <Sunpeng.Li(a)amd.com>; Siqueira, Rodrigo <Rodrigo.Siqueira(a)amd.com>; > Pillai, Aurabindo <Aurabindo.Pillai(a)amd.com>; Lin, Wayne > <Wayne.Lin(a)amd.com>; Gutierrez, Agustin <Agustin.Gutierrez(a)amd.com>; > Chung, ChiaHsuan (Tom) <ChiaHsuan.Chung(a)amd.com>; Zuo, Jerry > <Jerry.Zuo(a)amd.com>; Mohamed, Zaeem <Zaeem.Mohamed(a)amd.com> > Subject: Re: RE: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit > > On 16. 08. 24, 21:30, Li, Roman wrote: > > [Public] > > > > Wiil update commit message as: > > > > ------------- > > drm/amd/display: Fix MST DSC lightup > > > > [Why] > > Secondary monitor does not come up due to MST DSC bw calculation > regression. > > This patch is only related to this. It does not fix that issue on its own at all. > > > [How] > > Fix bug in try_disable_dsc() > > This update is worse than the original, IMO. > > Could you write saner commit logs in the whole amdgpu overall? > > If you insist on those [why] and [how] parts, something like: > """ > [Why] > The linked commit below misreverted one hunk in try_disable_dsc(). > > [How] > Fix that by using proper (original) 'max_kbps' instead of bogus 'stream_kbps'. > "" > > > Fixes: 4b6564cb120c ("drm/amd/display: Fix MST BW calculation > > Regression") > > > > Cc: mario.limonciello(a)amd.com > > Cc: alexander.deucher(a)amd.com > > Cc: stable(a)vger.kernel.org > > Reported-by: jirislaby(a)kernel.org > > Care to fix up your machinery so that listed people are really CCed? I received a > copy of neither the original (4b6564cb120c), nor this one. > > Nor any mentions in the linked #3495 at all. > > I would have told you that 4b6564cb120c is bogus. Immediately when it hit > me as it differs from our (SUSE) in-tree revert in exactly this hunk. If I have > known about this in the first place... > > And you would have received a Tested-by if it had worked. > > Given all the above, amdgpu workflow appears to be very ill. Please fix it. > > > Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 > > Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 > > Reviewed-by: Roman Li <roman.li(a)amd.com> > > Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > > Signed-off-by: Roman Li <roman.li(a)amd.com> > > Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> > > > > > >> -----Original Message----- > >> From: Roman.Li(a)amd.com <Roman.Li(a)amd.com> > >> Sent: Thursday, August 15, 2024 6:45 PM > >> To: amd-gfx(a)lists.freedesktop.org > >> Cc: Wentland, Harry <Harry.Wentland(a)amd.com>; Li, Sun peng (Leo) > >> <Sunpeng.Li(a)amd.com>; Siqueira, Rodrigo <Rodrigo.Siqueira(a)amd.com>; > >> Pillai, Aurabindo <Aurabindo.Pillai(a)amd.com>; Li, Roman > >> <Roman.Li(a)amd.com>; Lin, Wayne <Wayne.Lin(a)amd.com>; Gutierrez, > >> Agustin <Agustin.Gutierrez(a)amd.com>; Chung, ChiaHsuan (Tom) > >> <ChiaHsuan.Chung(a)amd.com>; Zuo, Jerry <Jerry.Zuo(a)amd.com>; > Mohamed, > >> Zaeem <Zaeem.Mohamed(a)amd.com>; Zuo, Jerry <Jerry.Zuo(a)amd.com> > >> Subject: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit > >> > >> From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > >> > >> A typo is fixed for "drm/amd/display: Fix MST BW calculation Regression" > >> > >> Fixes: 4b6564cb120c ("drm/amd/display: Fix MST BW calculation > >> Regression") > >> > >> Reviewed-by: Roman Li <roman.li(a)amd.com> > >> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > >> Signed-off-by: Roman Li <roman.li(a)amd.com> > >> --- > >> drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | > 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git > >> a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> index 958fad0d5307..5e08ca700c3f 100644 > >> --- > a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> +++ > b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> @@ -1066,7 +1066,7 @@ static int try_disable_dsc(struct > >> drm_atomic_state *state, > >> vars[next_index].dsc_enabled = false; > >> vars[next_index].bpp_x16 = 0; > >> } else { > >> - vars[next_index].pbn = > >> kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, > >> fec_overhead_multiplier_x1000); > >> + vars[next_index].pbn = > >> kbps_to_peak_pbn(params[next_index].bw_range.max_kbps, > >> fec_overhead_multiplier_x1000); > >> ret = drm_dp_atomic_find_time_slots(state, > >> > >> params[next_index].port->mgr, > >> > >> params[next_index].port, > > > thanks, > -- > js > suse labs

4 weeks, 1 day

3
4
0 0

[PATCH] net: stmmac: Check NULL ptr on lvts_data in qcom_ethqos_probe()

by Ma Ke

of_device_get_match_data() can return NULL if of_match_device failed, and the pointer 'data' was dereferenced without checking against NULL. Add checking of pointer 'data' in qcom_ethqos_probe(). Cc: stable(a)vger.kernel.org Fixes: a7c30e62d4b8 ("net: stmmac: Add driver for Qualcomm ethqos") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c index 901a3c1959fa..f18393fe58a4 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c @@ -838,6 +838,9 @@ static int qcom_ethqos_probe(struct platform_device *pdev) ethqos->mac_base = stmmac_res.addr; data = of_device_get_match_data(dev); + if (!data) + return -ENODEV; + ethqos->por = data->por; ethqos->num_por = data->num_por; ethqos->rgmii_config_loopback_en = data->rgmii_config_loopback_en; -- 2.25.1

1 month

3
2
0 0

[PATCH] bpftool: check for NULL ptr of btf in codegen_subskel_datasecs

by Ma Ke

bpf_object__btf() can return NULL value. If bpf_object__btf returns null, do not progress through codegen_subskel_datasecs(). This avoids a null ptr dereference. Found by code review, complie tested only. Cc: stable(a)vger.kernel.org Fixes: 00389c58ffe9 ("bpftool: Add support for subskeletons") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- tools/bpf/bpftool/gen.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/bpf/bpftool/gen.c b/tools/bpf/bpftool/gen.c index 5a4d3240689e..7ce62f280310 100644 --- a/tools/bpf/bpftool/gen.c +++ b/tools/bpf/bpftool/gen.c @@ -334,6 +334,9 @@ static int codegen_subskel_datasecs(struct bpf_object *obj, const char *obj_name const char *sec_name, *var_name; __u32 var_type_id; + if (!btf) + return -EINVAL; + d = btf_dump__new(btf, codegen_btf_dump_printf, NULL, NULL); if (!d) return -errno; -- 2.25.1

1 month

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2024